It has been revealed that Microsoft has developed a tool which will enable forensic investigators to easily gather digital evidence after a crime has been committed. COFEE is a USB device that reportedly supports 150 commands and can dramatically cut the time it takes to gather digital evidence, including decrypting passwords and analyzing Internet activity and all data stored in the computer. Apparently the device has been available to the law enforcement community since June 2007, although there have not, to my knowledge, been any previous public revelations of its use. Microsoft’s Tim Cranton describes COFEE as “a preconfigured, automated tool” that “fits on a USB thumb drive. Prior to COFEE the equivalent work would require a computer forensics expert to enter 150 complex commands manually through a process that could take three to four hours. With COFEE, you simply plug into a running computer to extract the data with the click of one button – completing the work in about 20 minutes.” Cranton states that more than 2,000 law enforcement officers have registered for COFEE and the tool is used in over 15 countries.

COFEE is only one aspect of Microsoft’s anti-cybercrime efforts. Cranton also described the role of the Internet Safety Enforcement Team (ISET), an organization founded in 2002, as making “the Internet safer and more secure for everyone.” Although Cranton didn’t go into any further detail about what this organization actually does on a day-to-day basis, he does reveal that the ISET consists of “35 professionals around the globe including former prosecutors, investigators, software engineers and business professionals whose full-time job is to make the Internet a safer place.”

This seems to be somewhat at odds with Aaron Kornblum’s previous revelations about ISET, which described the organization as “a worldwide group of 65 attorneys, investigators, and other professionals,” but whatever the size of the organization, it appears their primary work is to aid law enforcement with technical investigations. ISET aided the FBI in gathering evidence against convicted phisher Jayson Harris, who was operating “a phishing scheme by creating a bogus MSN billing website and then sending e-mails to MSN customers requesting that they visit the website and update their accounts by providing credit card account numbers and other personal information.”

The work of Peter Fifka, an ISET investigator, was documented in an enjoyable 2003 article entitled “Gumshoe chases Internet villains in Eastern Europe.” ISET also targets spammers and the creators of viruses and worms. Some are sure to question Microsoft’s motives and wonder about their influence over investigations conducted by the law enforcement community.

The Justice Department says the company doesn’t influence its investigations. Microsoft is not “driving law enforcement’s priorities,” according to Christopher Painter, deputy chief of the department’s Computer Crime Section, but given the fact that Microsoft appears to initiate at least some of the investigations conducted by ISET, questions are likely to remain.

[Update: According to this article, COFEE was developed by Anthony Fung, a senior investigator on Microsoft’s Internet Safety Enforcement Team. Some additional interesting speculation about COFEE here.]

Crime.net is a term I use to describe the impact of network technologies such as the Internet and mobile phones on crime and criminal enterprises. Applications of Crime.net include the following:

Commission of crimes – this is the one part of Crime.net that’s gotten mainstream press coverage so far. Phishing, hacking into computers for credit card numbers, and so on. Data thefts at major retailers such as BJ’s Wholesale Club and Lowe’s indicate that there is probably more of this going on than has been reported in the media. And smart criminals may target smaller retailers that can’t afford the security resources of large corporations. Although not strictly a network-based attack, computers have also been used to steal cars and other items as reported here and here.

Scouting targets – identifying people or places that are likely targets for crimes, and developing intelligence about targets. One blogger recently revealed how to use Google Calendar to scout potential victims for burglary or worse. Sound far-fetched? Criminals in South Africa have been observed using cell phones to photograph potential victims. Google Maps provides detailed maps for locating possible escape routes, planning lookout locations and so on. Satellite imagery can be used to examine rooftops for covert access points to buildings.

Sharing criminal expertise – Criminals have used websites, blogs, etc. to share methods of operation, criminal techniques and strategies, and even information about specific targets. The notorious Shadowcrew site included instructions on how to commit identity theft and fraud. Some worry that these marketplaces will become a “bazaar of violence” facilitating murder and terrorism.

Online markets for stolen goods – The Shadowcrew created an online market for stolen credit card numbers and eBay is used to “fence” stolen goods. More of these sorts of sites likely exist today.

Avoiding capture – criminals can use surveillance technologies, cell phones, etc. to warn each other of the approach of law enforcement personnel. Usually we think of surveillance technologies being used to fight crime, but criminals can also use them to avoid capture. Picture phones and wireless IP-based cameras can be used to warn of the approach of law enforcement. Drug dealers, for example, use cellphones and multiple operatives to avoid capture with large quantities of cash and drugs. Analysis of publicly reported crime statistics can be used to predict areas with less law enforcement coverage. Imagine a future web site where criminals could determine the locations of police cars in real time, accessible over a cellphone or by using a stolen or otherwise obtained police data terminal.